b'OFFICE OF INSPECTOR GENERAL\n\n\nAUDIT OF USAID/WEST BANK\nAND GAZA\xe2\x80\x99S PARTNER\nVETTING AND GEO-\nMANAGEMENT INFORMATION\nSYSTEMS (EXECUTIVE\nSUMMARY)\n\nAUDIT REPORT NO. 6-294-14-007-P\nAPRIL 23, 2014\n\n\n\nCAIRO, EGYPT\n\x0cThis is an executive summary of our report on \xe2\x80\x9cAudit of USAID/West Bank and Gaza\xe2\x80\x99s Partner\nVetting and Geo-Management Information Systems.\xe2\x80\x9d The Federal Information Security Management\nAct of 2002 (FISMA) requires agencies to implement an agency-wide information security program\nto protect their information and information systems, including those provided or managed by\nanother agency, contractor, or source. The act also requires agencies to have an annual\nassessment of their information systems.\n\nIn response to FISMA requirements, National Institute for Standards and Technology (NIST)\ndeveloped Federal Information Processing Standards (FIPS) 200, \xe2\x80\x9cMinimum Security Requirements\nfor Federal Information and Information Systems,\xe2\x80\x9d and FIPS 199, \xe2\x80\x9cStandards for Security\nCategorization of Federal Information and Information Systems,\xe2\x80\x9d to make sure all federal agencies\ncomply with FISMA. NIST also established guidelines in its Special Publication 800-53 for selecting\nand specifying security controls for organizations and information systems to help executive\nagencies meet the requirements of FIPS 200.\n\nThe Regional Inspector General/Cairo (RIG/Cairo) conducted this audit as part of its fiscal year 2013\naudit plan. The objective was to determine whether USAID/West Bank and Gaza implemented\nminimum security controls to protect the confidentiality, integrity, and availability of three of the\nmission\xe2\x80\x99s critical information systems\xe2\x80\x94the Partner Vetting System, Partner Vetting System\nNongovernmental Organization Portal, and Geo-Management Information System\xe2\x80\x94according to the\nNIST requirements. While the mission has implemented some controls for all three systems, the\naudit found weaknesses in other security control areas that needed improvement.\n\nBased on the audit results, RIG/Cairo made 37 recommendations to help USAID/West Bank and\nGaza and USAID/Office of Security strengthen their information security program. Management\ndecisions were made on 37 recommendations, and final action was taken on 7 of them.\n\x0cU.S. Agency for International Development \n\n       Office of Inspector General \n\n      1300 Pennsylvania Avenue, NW \n\n          Washington, DC 20523 \n\n            Tel: 202-712-1150 \n\n            Fax: 202-216-3047 \n\n           http://oig.usaid.gov\n\x0c'